Business Associate Amendment, Amendment Number 2 to the Medical Group/IPA Services Agreement


Exhibit 10.190

 

[SEAL]

 

Business Associate Amendment,

Amendment Number 2 to the Medical Group/IPA Services Agreement

 

This Amendment Number 2 (“Amendment”) supplements and is made a part of the Medical Group/IPA Services Agreement (“Agreement”) dated January 1, 2001 by and between PacifiCare of California, Inc., a California corporation (“PacifiCare”) and Gateway Physicians Medical Associates, Inc. (“Medical Group”).

 

A.           PacifiCare and Medical Group are parties to the Agreement pursuant to which Medical Group provides a service to, or performs a function on behalf of, PacifiCare and, in connection therewith, uses or discloses Protected Health Information (“PHI”) that is subject to protection under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and certain regulations found at 45 CFR Parts 160 through 164 (“HIPAA Regulations”);

 

B.             PacifiCare is a Covered Entity as that term is defined in the HIPAA Regulations.  Medical Group creates or receives PHI from or on behalf of PacifiCare and is, therefore, a Business Associate, as defined in the HIPAA Regulations;

 

C.             Pursuant to the HIPAA Regulations, Medical Group, as a Business Associate of PacifiCare, must agree in writing to certain mandatory provisions regarding the use and disclosure of PHI; and

 

D.            The purpose of this Amendment is to satisfy the Business Associate contract requirements as set forth at § 164.504(e) of the HIPAA Regulations, as they may be amended from time-to-time.

 

NOW, THEREFORE, in consideration of the mutual promises and covenants contained herein, the parties agree as follows:

 

1.               Definitions.  Unless otherwise provided in this Amendment, capitalized terms have the same meaning as set forth in the HIPAA Regulations.

 

2.               Scope of Use and Disclosure of PHI.  Except as otherwise limited in this Amendment:

a.               Medical Group shall use and disclose PHI solely to provide the services, or perform the functions, described in the Agreement, provided that such use or disclosure would not violate the HIPAA Regulations if so used or disclosed by PacifiCare.

 

*** Confidential Information omitted and filed separately with the Securities and Exchange Commission.

 

1

 

b.              Medical Group may use or disclose PHI for the proper management and administration of Medical Group or to provide Data Aggregation services to PacifiCare.

 

3                  Obligations of Medical Group.  In connection with its use and disclosure of PHI, Medical Group shall:

a.               Not use or disclose PHI other than as permitted or required by the Agreement or as Required By Law.

b.              Use reasonable and appropriate safeguards to prevent use or disclosure of the PHI other than as provided for by this Amendment.

c.               Mitigate, to the extent practicable, any harmful effect that is known to Medical Group of a use or disclosure of PHI by Medical Group in violation of the requirements of this Amendment.

d.              Report to PacifiCare any use or disclosure of the PHI not provided for by this Amendment of which Medical Group becomes aware.

e.               Require contractors, subcontractors, and/or agents to whom Medical Group provides PHI created or received by Medical Group on behalf of PacifiCare to agree to the same restrictions and conditions that apply to Medical Group with respect to such PHI under this Amendment.

f.                 Medical Group access, at the request of PacifiCare, and in the time and manner as set forth in Section 2.9.5, General Data and Information Requirements, of the Agreement, to PHI in a Designated Record Set, to PacifiCare in order to meet the requirements under § 164.524 of the HIPAA Regulations.  If PacifiCare and Medical Group mutually agree, Medical Group may provide such access directly to Individual, provided that such access is provided to the Individual in the time-frames set forth in § 164.524 of the HIPAA Regulations.

g.              Make any amendment(s) to PHI in a Designated Record Set that PacifiCare directs or agrees to pursuant to § 164.526 of the HIPAA Regulations at the request of PacifiCare in the time and manner as set forth in Section 2.9.5, General Data and Information Requirements, of the Agreement.

h.              Make internal practices, books, and records, including, but not limited to, policies and procedures, relating to the use and disclosure of PHI created or received by Medical Group on behalf of PacifiCare available to the Secretary, and to PacifiCare, if requested, in a time and manner designated by the Secretary, for purposes of the Secretary determining PacifiCare’s compliance with the HIPAA Regulations.

i.                  Maintain for a period of six (6) years an accounting of all disclosures of PHI that are required to be maintained under § 164.528 of the HIPAA Regulations.  Such accounting will include the date of the disclosure, the name of the recipient, a description of PHI disclosed and the purpose of the disclosure.

 

2

 

j.                  Provide to PacifiCare in time and manner as set forth in Section 2.9.5, General Data and Information Requirements, of the Agreement, information collected in accordance with Section 3.i. of this Amendment, to permit PacifiCare to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with § 164.528 of the HIPAA Regulations.  If PacifiCare and Medical Group mutually agree, Medical Group may provide such accounting directly to Individual, provided that such accounting is provided to the Individual in the time-frames set forth in § 164.528 of the HIPAA Regulations.

k.               Make reasonable efforts to implement any restriction of the use or disclosure of PHI that PacifiCare has agreed to under Section 4.c. of this Amendment.

 

4.               Obligations of PacifiCare.  PacifiCare shall:

a.               Provide Medical Group with the notice of privacy practices that PacifiCare furnishes to Individuals in accordance with § 164.520 of the HIPAA Regulations.

b.              Promptly notify Medical Group of any changes in, or revocation of, permission by Individual to use or disclose PHI, to the extent that such changes may affect Medical Group’s use or disclosure of PHI.

c.               Promptly notify Medical Group of any restriction to the use or disclosure of PHI that PacifiCare has agreed to in accordance with § 164.522 of the HIPAA Regulations, to the extent that such restriction may affect Medical Group’s use or disclosure of PHI.

d.              Not request Medical Group to use or disclose PHI in any manner that would not be permissible under the HIPAA Regulations if so used or disclosed by PacifiCare, unless such use or disclosure is necessary for the purposes of Data Aggregation or management and administrative activities of Medical Group under the Agreement.

 

5.             Termination for Breach.  Upon PacifiCare’s knowledge of a material breach of the terms of this Amendment by Medical Group, PacifiCare shall, in accordance with the notification requirement and cure period set forth in the Agreement, provide an opportunity for Medical Group to cure the breach or end the violation.  PacifiCare may terminate the Agreement if Medical Group does not cure the breach or end the violation within the cure period set forth in the Agreement.

 

6.               Future Confidentiality of PHI.  Upon the expiration or earlier termination of the Agreement, for any reason, Medical Group shall return or destroy all PHI received from PacifiCare, or created or received by Medical Group on behalf of PacifiCare that Medical Group still maintains and retain no copies of such PHI; provided that if such return or destruction of PHI is infeasible, Medical Group shall provide to PacifiCare notification of the conditions that make return or destruction infeasible and shall extend the protections of this Amendment to

 

3

 

such PHI and limit further uses and disclosures of such PHI to those purposes that make the return or destruction infeasible, for so long as Medical Group maintains such PHI.

 

7.               Amendment.  The parties agree to take such action to amend this Amendment from time-to-time as is necessary for PacifiCare to comply with the requirements of HIPAA and the HIPAA Regulations.

 

8.               Survival.  The respective rights and obligations of Medical Group under Section 6 of this Amendment shall survive the termination of the Agreement.

 

9.               Interpretation.  Any ambiguity in this Amendment shall be resolved to permit PacifiCare to comply with the HIPAA Regulations.

 

10.         Conflict of Terms.  Whenever the terms of the Agreement and this Amendment are in conflict, the terms of this Amendment shall control.

 

11.         Other Terms, Remain in Force.  Except as expressly modified by the terms of this Amendment, all of the terms and conditions set forth in the Agreement shall remain in full force and effect.

 

12.         Effective Date.  This Amendment shall be effective immediately.

 

4


AutoNDA by SimpleDocs

Document Metadata

Filed: May 28th, 2004
Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!